Created
December 29, 2016 23:36
Star
You must be signed in to star a gist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
from Crypto.Cipher import AES | |
import pwn | |
import binascii | |
import sys | |
import os | |
BS = 16 | |
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS) | |
RHOST = "78.46.224.87" | |
# RHOST = "127.0.0.1" | |
RPORT = 12345 | |
CLIENT_MRAND = "\x02" * 16 | |
AES_PINKEY = "\x31\xb9\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" # 768305 ? | |
preshared_crypto = AES.new(AES_PINKEY,AES.MODE_ECB) | |
AES_CLIENTKEY = preshared_crypto.encrypt(CLIENT_MRAND) | |
# preshared_crypto2 = AES.new(AES_PINKEY,AES.MODE_ECB) | |
# print binascii.hexlify(preshared_crypto2.decrypt(binascii.unhexlify("0b11b65705888b8fb4fc71e82cb7c8cf"))) | |
# sys.exit(0) | |
p = pwn.remote(RHOST,RPORT) | |
print " [>] sending MCONFIRM, which is AES(key=PIN,data=MRAND) : " + binascii.hexlify(AES_CLIENTKEY) | |
# USER SELECT | |
p.send("\x15\x00\x00\x00\x02" + AES_CLIENTKEY) | |
print " [<] recving SCONFIRM, decrypted key in data_decrypted..." | |
data = p.recv() | |
if data[0] != '\x14': | |
print " [!] unexpected data packet %s" % binascii.hexlify(data) | |
sys.exit(0) | |
print " [!] received: %s" % binascii.hexlify(data[4:]) | |
SCONFIRM_DECRYPTED = preshared_crypto .decrypt(data[4:]) | |
print " [!] decrypted: %s" % binascii.hexlify(SCONFIRM_DECRYPTED) | |
# this decrypted value is the value originally encrypted by the server at the first call | |
# of 0x00401481, after receiving MConfirm (i.e. SConfirm). we know SConfirm is | |
# this for sure. | |
print " [>] sending MRAND, which is 0x02 * 16" | |
p.send("\x14\x00\x00\x00" + CLIENT_MRAND) | |
print " [<] recving SRAND, decrypted key in srand_decrypted..." | |
data = p.recv() | |
if data[0] != '\x14': | |
print " [!] unexpected data packet %s" % binascii.hexlify(data) | |
sys.exit(0) | |
print " [!] SRAND received: %s" % binascii.hexlify(data[4:]) | |
SRAND_DECRYPTED = preshared_crypto .decrypt(data[4:]) | |
SRAND_RECEIVED = data[4:] | |
print " [!] our unencrypted session key is [CORRECT] : " + binascii.hexlify(SRAND_RECEIVED[8:] + CLIENT_MRAND[0:8]) | |
CBC_KEY = preshared_crypto.encrypt(SRAND_RECEIVED[8:] + CLIENT_MRAND[0:8]) | |
print " [!] our session key is s1(tk,srand,mrand) : " + binascii.hexlify(CBC_KEY) | |
print " [CBC_KEY/session key IS CORRECT:BREAK AT 0x401894 and VERIFY 0x608060]" | |
def sessionkey_encrypt(string): | |
srand_crypto = AES.new(CBC_KEY, AES.MODE_CBC,'\x00' * 16) | |
return srand_crypto.encrypt(pad(string)) | |
def sessionkey_decrypt(string): | |
srand_crypto = AES.new(CBC_KEY, AES.MODE_CBC,'\x00' * 16) | |
return srand_crypto.decrypt(string) | |
encrypted_open = sessionkey_encrypt("OPEN 1") | |
print " [>] trying to send OPEN 1, which is " + binascii.hexlify(encrypted_open) | |
p.send("\x14\x00\x00\x00" + encrypted_open) | |
encrypted_list = sessionkey_encrypt("LIST") | |
print " [>] trying to send LIST, which is " + binascii.hexlify(encrypted_list) | |
p.send("\x14\x00\x00\x00" + encrypted_list) | |
data = p.recv() | |
print sessionkey_decrypt(data[4:]) | |
encrypted_take = sessionkey_encrypt("SHOW 0") | |
print " [>] trying to send TAKE 0, which is " + binascii.hexlify(encrypted_take) | |
p.send("\x14\x00\x00\x00" + encrypted_take) | |
data = p.recv() | |
print sessionkey_decrypt(data[4:]) | |
p.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment